I am listing a few common yet very useful plugins we can utilize for our WordPress websites:
Limit the number of login attempts that possible both through the normal login as well as using the auth cookies.
WordPress by default allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be cracked via brute-force relatively easily.
Limit Login Attempts Reloaded blocks an Internet address from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
- Limit the number of retry attempts when logging in (per each IP). This is fully customizable.
- Limit the number of attempts to log in using authorization cookies in the same way.
- Informs the user about the remaining retries or lockout time on the login page.
- Optional logging and optional email notification.
- Handles server behind the reverse proxy.
- It is possible to whitelist/blacklist IPs and Usernames.
- Sucuri Website Firewall compatibility.
- XMLRPC gateway protection.
- Woocommerce login page protection.
- Multi-site compatibility with extra MU settings.
- GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).
Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.
- Web Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
- [Premium] Real-time firewall rule and malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
- [Premium] Real-time IP Blacklist blocks all requests from the most malicious IPs, protecting your site while reducing load.
- Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data.
- Integrated malware scanner blocks requests that include malicious code or content.
- Protection from brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures.
WORDPRESS SECURITY SCANNER
- Malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
- [Premium] Real-time malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
- Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
- Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
- Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
- Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.
- [Premium] Checks to see if your site or IP have been blacklisted for malicious activity, generating spam or other security issue.
- With Live Traffic, monitor visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.
- [Premium] Stop brute force attacks permanently by using two factor authentication, one of the most secure forms of remote system authentication available.
- Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer.
W3 Total Cache improves the SEO and user experience of your site by increasing website performance, reducing download times via features like content delivery network (CDN) integration.
The only web host agnostic WordPress Performance Optimization (WPO) framework recommended by countless web developers and web hosts. Trusted by numerous companies like: AT&T, stevesouders.com, mattcutts.com, mashable.com, smashingmagazine.com, makeuseof.com, kiss925.com, pearsonified.com, lockergnome.com, johnchow.com, ilovetypography.com, webdesignerdepot.com, css-tricks.com and tens of thousands of others.
An inside look:
- Improvements in search engine result page rankings, especially for mobile-friendly websites and sites that use SSL
- At least 10x improvement in overall site performance (Grade A in WebPagetest or significant Google Page Speed improvements) when fully configured
- Improved conversion rates and “site performance” which affect your site’s rank on Google.com
- “Instant” repeat page views: browser caching
- Optimized progressive render: pages start rendering quickly and can be interacted with more quickly
- Reduced page load time: increased visitor time on site; visitors view more pages
- Improved web server performance; sustain high traffic periods
- Compatible with shared hosting, virtual private / dedicated servers and dedicated servers / clusters
- Transparent content delivery network (CDN) management with Media Library, theme files and WordPress itself
- Mobile support: respective caching of pages by referrer or groups of user agents including theme switching for groups of referrers or user agents
- Accelerated Mobile Pages (AMP) support
- Secure Socket Layer (SSL) support
- Caching of (minified and compressed) pages and posts in memory or on disk or on (FSD) CDN (by user agent group)
- Caching of feeds (site, categories, tags, comments, search results) in memory or on disk or on CDN
- Caching of search results pages (i.e. URIs with query string variables) in memory or on disk
- Caching of database objects in memory or on disk
- Caching of objects in memory or on disk
- Caching of fragments in memory or on disk
- Minification of posts and pages and feeds
- Minification of inline, embedded or 3rd party CSS (with automated updates)
- Browser caching using cache-control, future expire headers and entity tags (ETag) with “cache-busting”
- Import post attachments directly into the Media Library (and CDN)
- WP-CLI support for cache purging, query string updating and more
- Various security features
- Caching statistics for performance insights
- Extension framework for customization or extensibility e.g. New Relic, Cloudflare, WPML and more
- Reverse proxy integration via Nginx or Varnish
Improve the user experience for your readers without having to change WordPress, your theme, your plugins or how you produce your content.
Hassle-free design, marketing, and security — all in one place.
Create and customize your WordPress site from start to finish. Jetpack helps you with:
- Hundreds of professional themes for any kind of site
- Intuitive and powerful customization tools
- Unlimited and high-speed image and video content delivery network
- Lazy image loading for a faster mobile experience
- Integration with the official WordPress mobile apps
Measure, promote, and earn money from your site. Jetpack helps you with:
- Site stats and analytics
- Automated social media posting and scheduling in advance
- Elasticsearch-powered related content and site search
- SEO tools for Google, Bing, Twitter, Facebook, and WordPress.com
- Advertising program that includes the best of AdSense, Facebook Ads, AOL, Amazon, Google AdX, and Yahoo
- Simple PayPal payment buttons
Stop worrying about data loss, downtime, and hacking. Jetpack helps you with:
- Brute force attack protection, spam filtering, and downtime monitoring
- Daily or real-time backups of your entire site
- Secure logins with optional two-factor authentication
- Malware scanning, code scanning, and automated threat resolution
- Fast, priority support from WordPress experts
Need some help with your search engine optimization? Need an SEO plugin that helps you reach for the stars? Yoast SEO is the original WordPress SEO plugin since 2008. It is the favorite tool of millions of users, ranging from the bakery around the corner to some of the most popular sites on the planet. With Yoast SEO, you get a solid toolset that helps you aim for that number one spot in the search results. Yoast: SEO for everyone.
Yoast SEO does everything in its power to please both visitors and search engine spiders. How? Below you’ll find a small sampling of the powers of Yoast SEO:
TAKING CARE OF YOUR WORDPRESS SEO
- The most advanced XML Sitemaps functionality at the push of a button.
- Full control over site breadcrumbs: add a piece of code and you’re good to go.
- Set canonical URLs to avoid duplicate content. Never have to worry about Google penalties again.
- Title and meta description templating for better branding and consistent snippets in the search results.
WRITE KILLER CONTENT WITH YOAST SEO
- Content & SEO analysis: Invaluable tools to write SEO-friendly texts.
- The snippet preview shows you how your post or page will look in the search results – even on mobile. Yoast SEO Premium even has social media previews!
- [Premium] The Insights tool shows you what your text focuses on so you can keep your article in line with your keywords.
- [Premium] Multiple focus keywords: Optimize your article for synonyms and related keywords.
- [Premium] Automatic internal linking suggestions: write your article and get automatic suggested posts to link to.
KEEP YOUR SITE IN PERFECT SHAPE
- Yoast SEO tunes the engine of your site so you can work on creating great content.
- Our cornerstone content and internal linking features help you optimize your site structure in a breeze.
- Integrates with Google Search Console: See how your site performs in the search engines and fix crawl errors.
- Manage SEO roles: Give your colleagues access to specific sections of the Yoast SEO plugin.
- Bulk editor: Make large-scale edits to your site.
Use this plugin to greatly improve SEO to create special XML sitemaps which will help search engines like Google, Bing, Yahoo and Ask.com to better index your site.
With such a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently. The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.
We believe that you shouldn’t have to hire a developer to add Google Analytics to your website. That’s why we built MonsterInsights, a complete Google Analytics for WordPress plugin that’s EASY and POWERFUL.
MonsterInsights allow you to connect your WordPress website with Google Analytics, so you can see how visitors find and use your website, so you can keep them coming back. Simply put, we show you the stats that matter.
With almost 15 million downloads, MonsterInsights is the most popular Google Analytics plugin for WordPress.
At MonsterInsights, user experience is our #1 priority. That’s why we make it extremely easy for you to connect and view your Google Analytics reports from inside your WordPress dashboard. Our tracking settings and workflows make MonsterInsights the most beginner friendly google analytics plugin in the market.